Root Access

“One tiny, ugly bug. Fifteen years. Full system compromise,” wrote Siguza.

In short, IOHIDeous is a local privilege escalation flaw: it can be exploited only by an attacker who already has code running on the Mac, whether through physical access or an earlier compromise.

The flaw is nonetheless serious, and was an unpatched zero-day when it was published, because it gives such an attacker root access to the machine and, in Siguza's words, full system compromise.

Siguza said he found the flaw while examining the IOHIDFamily kernel driver in search of an iOS bug, but soon realised that some parts of IOHIDFamily exist only on macOS, among them IOHIDSystem, which is where the flaw lies.

The flaw can only be triggered when a user logs out, but Siguza warned that an attacker could plant a “sleeper program” that fires when the user logs off, reboots or shuts down the Mac.

Responsible Disclosure

Some will question why Siguza chose to publish the flaw rather than report it to Apple, and why he did not instead sell the exploit to a government or to black hats.

Siguza answered that in a tweet, explaining that Apple’s bug bounty program did not cover macOS.

“My primary goal was to get the write-up out for people to read,” he tweeted. “I wouldn’t sell to blackhats because I don’t wanna help their cause. I would’ve submitted to Apple if their bug bounty included macOS, or if the vuln was remotely exploitable.”

“Since neither of those were the case, I figured I’d just end 2017 with a bang because why not,” he added in a follow up tweet. “But if I wanted to watch the world burn, I would be writing 0day ransomware rather than write-ups ;)”

Apple Security

Apple’s security credentials were dented in 2017 as more and more malware and vulnerabilities affecting its platforms came to light.

In October a flaw was discovered in macOS High Sierra that could have allowed anyone to gain access to encrypted APFS volumes: when a user requested the password hint for such a volume, the operating system displayed the password itself instead of the hint.